From faa43b74c1f27b8f81c0e5d672ae9b62088ce29a Mon Sep 17 00:00:00 2001
From: "dhollowa@chromium.org"
Date: Wed, 11 Aug 2010 21:03:29 +0000
Subject: Autocomplete entries submitted are limited in number.

Limits the number of Autocomplete entries added to the WebDB, per form submission, to a maximum of 256. If elements occur that have duplicate names, only the first occurrence is added.
BUG=51727
TEST=WebDatabaseTest.Autofill_AddFormFieldValues
Review URL: http://codereview.chromium.org/3143005
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@55781 0039d316-1c4b-4281-b951-d872f2087c98
---
 chrome/browser/webdata/web_database.cc | 9 +++++
 chrome/browser/webdata/web_database.h | 1 +
 chrome/browser/webdata/web_database_unittest.cc | 47 +++++++++++++++++++++++++
 3 files changed, 57 insertions(+)
(limited to 'chrome/browser')
diff --git a/chrome/browser/webdata/web_database.cc b/chrome/browser/webdata/web_database.cc
index 67699f0..948dc8c 100644
--- a/chrome/browser/webdata/web_database.cc
+++ b/chrome/browser/webdata/web_database.cc
@@ -1075,12 +1075,21 @@ bool WebDatabase::AddFormFieldValues(const std::vector& elements,
 bool WebDatabase::AddFormFieldValuesTime(const std::vector& elements, std::vector* changes, base::Time time) {
+ // Only add one new entry for each unique element name. Use |seen_names| to
+ // track this. Add up to |kMaximumUniqueNames| unique entries per form.
+ const size_t kMaximumUniqueNames = 256;
+ std::set seen_names;
 bool result = true;
 for (std::vector::const_iterator itr = elements.begin(); itr != elements.end(); itr++) {
+ if (seen_names.size() >= kMaximumUniqueNames)
+ break;
+ if (seen_names.find(itr->name()) != seen_names.end())
+ continue;
 result = result && AddFormFieldValueTime(*itr, changes, time);
+ seen_names.insert(itr->name());
 }
 return result;
 }
diff --git a/chrome/browser/webdata/web_database.h b/chrome/browser/webdata/web_database.h
index 116816e..ca24cf9 100644
--- a/chrome/browser/webdata/web_database.h
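Review bot: In the loop of `AddFormFieldValuesTime`, `seen_names.insert(itr->name())` runs whether or not the entry was written: once `result` is false, `result && AddFormFieldValueTime(*itr, changes, time)` stops calling the add, yet the loop keeps walking `elements` and recording names. An explicit `if (!result) break;` after the add would state that intent, and `if (!seen_names.insert(itr->name()).second) continue;` placed before the add would replace the separate `find` and `insert` with a single lookup. The cap limits how many entries one submission can add, not how large they are; nothing in this hunk bounds the length of a name or value, so unless `AddFormFieldValueTime` does (not visible here), 256 rows of arbitrary size can still be written per form.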
+++ b/chrome/browser/webdata/web_database.h
@@ -284,6 +284,7 @@ class WebDatabase {
 FRIEND_TEST_ALL_PREFIXES(WebDatabaseTest, Autofill_GetAllAutofillEntries_TwoSame);
 FRIEND_TEST_ALL_PREFIXES(WebDatabaseTest, Autofill_UpdateDontReplace);
+ FRIEND_TEST_ALL_PREFIXES(WebDatabaseTest, Autofill_AddFormFieldValues);
 // Methods for adding autofill entries at a specified time. For
 // testing only.
 bool AddFormFieldValuesTime(
diff --git a/chrome/browser/webdata/web_database_unittest.cc b/chrome/browser/webdata/web_database_unittest.cc
index 1daa2ed..566d042 100644
--- a/chrome/browser/webdata/web_database_unittest.cc
+++ b/chrome/browser/webdata/web_database_unittest.cc
@@ -906,6 +906,53 @@ TEST_F(WebDatabaseTest, Autofill_UpdateDontReplace) {
 EXPECT_EQ(1U, expected_entries.count(entry));
 }
+TEST_F(WebDatabaseTest, Autofill_AddFormFieldValues) {
+ WebDatabase db;
+ ASSERT_EQ(sql::INIT_OK, db.Init(file_));
+
+ Time t = Time::Now();
+
+ // Add multiple values for "firstname" and "lastname" names. Test that only
+ // first value of each gets added. Related to security issue:
+ // http://crbug.com/51727.
+ std::vector elements;
+ elements.push_back(FormField(string16(),
+ ASCIIToUTF16("firstname"),
+ ASCIIToUTF16("Joe"),
+ string16(),
+ 0));
+ elements.push_back(FormField(string16(),
+ ASCIIToUTF16("firstname"),
+ ASCIIToUTF16("Jane"),
+ string16(),
+ 0));
+ elements.push_back(FormField(string16(),
+ ASCIIToUTF16("lastname"),
+ ASCIIToUTF16("Smith"),
+ string16(),
+ 0));
+ elements.push_back(FormField(string16(),
+ ASCIIToUTF16("lastname"),
+ ASCIIToUTF16("Jones"),
+ string16(),
+ 0));
+
+ std::vector changes;
+ db.AddFormFieldValuesTime(elements, &changes, t);
+
+ ASSERT_EQ(2U, changes.size());
+ EXPECT_EQ(changes[0], AutofillChange(AutofillChange::ADD,
+ AutofillKey(ASCIIToUTF16("firstname"),
+ ASCIIToUTF16("Joe"))));
+ EXPECT_EQ(changes[1], AutofillChange(AutofillChange::ADD,
+ AutofillKey(ASCIIToUTF16("lastname"),
+ ASCIIToUTF16("Smith"))));
+
+ std::vector all_entries;
+ ASSERT_TRUE(db.GetAllAutofillEntries(&all_entries));
+ ASSERT_EQ(2U, all_entries.size());
+}
+
 static bool AddTimestampedLogin(WebDatabase* db, std::string url, const std::string& unique_string, const Time& time) {
-- cgit v1.1
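Review bot: The new test never exercises the 256-entry cap and ignores the return value of `db.AddFormFieldValuesTime(elements, &changes, t)`, so only the duplicate-name half of the change is covered. Wrap the call as `EXPECT_TRUE(db.AddFormFieldValuesTime(elements, &changes, t));` and add a second case that submits more than 256 uniquely named fields and asserts that `changes.size()` and the entry count from `GetAllAutofillEntries` are both 256. Because `kMaximumUniqueNames` is a local constant in web_database.cc, the test would have to repeat the literal; a comment next to it naming the constant would keep the two in step.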